Cribl’s cybersecurity team is using agentic AI to investigate phishing emails that have been flagged and growing this into autonomous threat hunting. “When an employee marks an email as suspicious, the system performs a deeper analysis, examining headers, content, and attachments such as PDFs and QR codes,” Myke Lyons, Cribl CISO, says.
If the AI confirms a phishing attempt, it autonomously searches for similar messages across the entire message store, enabling broader threat hunting. “This process mimics what a human analyst would do but is much faster, reducing the time from tens of minutes to near real-time,” Lyons says.
The AI performs nearly as well as a tier one analyst for phishing cases, with human analysts focusing on more sophisticated tasks. “With agentic AI, when you break down a process, like a phishing attack, and allow these agents to operate uniquely, they can run the scrutiny and do it at speed,” he says.
